[Remote] DevSecOps Engineer – Security Automation & Pipeline Development (Remote)

Note: The job is a remote job and is open to candidates in USA. Stage 4 Solutions is a global B2B high-tech company seeking a DevSecOps Engineer for Security Automation & Pipeline Development. The role involves upgrading vulnerable containers, applying cloud hardening, maintaining Terraform/Ansible code, and designing automated container patching pipelines.

Responsibilities

• Upgrade vulnerable containers in collaboration with the DevSecOps team, testing and promoting updates to production
• Apply cloud hardening and maintain Terraform/Ansible code to enforce security settings across AWS services and Kubernetes nodes per STIG and CIS benchmarks
• Design and maintain automated container patching pipelines, including base image refresh, rebuild triggers, and automated PR generation
• Build and maintain vulnerability scanning workflows using Grype and/or Trivy as pipeline gates blocking promotion of images exceeding CVE thresholds
• Build and manage Argo Workflows orchestrating end-to-end patch automation from scanning through remediation, rebuild, and deployment
• Write Python-based tooling supporting pipeline logic, scan result parsing, notification routing, and patch orchestration
• Own GitHub-based development workflow: branch strategy, PR creation/review, code quality standards, and merge gate enforcement
• Conduct code reviews, ensuring changes meet security, quality, and operational standards before production promotion
• Maintain production readiness practices, including testing, peer review, rollback procedures, and deployment validation
• Analyze Kubernetes IAM configurations and RBAC policies to identify overprivileged roles, misconfigurations, and deviations from least-privilege principles
• Review and harden Kubernetes network setup and segmentation, including network policies, namespace isolation, and inter-service communication controls
• Audit certificate usage across the cluster and pipeline, ensuring proper issuance, validity, and automated rotation; verify secrets are rotated on schedule and not hardcoded or overexposed
• Scan codebases, repos, and infrastructure configs for exposed secrets using open source tools such as Hedgehog and equivalent secret detection utilities
• Scan S3 buckets for exposed secrets and sensitive data, remediating findings and implementing preventive controls
• Review network, WAF, and Istio logs to map existing traffic flows and service communication patterns in preparation for network segmentation and a deny-by-default lockdown posture
• Develop automations for WAF rule creation and tuning based on observed traffic patterns and threat intelligence
• Leverage Claude to accelerate security research, organize remediation plans, and develop Python-based tooling for non-production-impacting automation and analysis tasks

Skills

• Core Platform & Cloud AWS EKS, Kubernetes, Terraform, Ansible, ArgoCD, Argo Workflows, GitLab, GitHub
• Security & Compliance FedRAMP, STIG, CIS Benchmarks, RBAC, IAM, Okta/OIDC, SAML, WAF, Istio, Network Segmentation, Certificate Management, Secrets Rotation, Least Privilege
• Scanning & Tooling Grype, Anchore, Hedgehog, S3 Scanning, Vulnerability Scanning, Secrets Detection
• Development Python, CI/CD Pipelines, Code Review, PR Management, Patch Automation
• AI Claude, AI-Assisted Coding
• Bachelor s degree

Benefits

• Health benefits and 401K are offered.
• This is a W2 employee of Stage 4 Solutions.

Company Overview